CVE-2013-3630

Moodle SpellChecker Path Authenticated Remote Command Execution

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3630. PoCs published by Metasploit.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Moodle by manipulating the spellchecker path to execute arbitrary commands. It also leverages a session key escalation via XSS to gain admin privileges if needed.

Description

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/29324

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Moodle 2.5.2, 2.2.3
Auth required
Prerequisites: Authenticated user credentials · Access to Moodle admin settings or stolen sesskey
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.6452
EPSS Percentile 98.5%

Details

CWE: CWE-94
Status: published
Products (50)
moodle/moodle 1.1.1
moodle/moodle 1.2.0
moodle/moodle 1.2.1
moodle/moodle 1.3.0
moodle/moodle 1.3.1
moodle/moodle 1.3.2
moodle/moodle 1.3.3
moodle/moodle 1.3.4
moodle/moodle 1.4.1
moodle/moodle 1.4.2
... and 40 more
Published Nov 01, 2013
Tracked Since Feb 18, 2026